Filtered by vendor Zoom
Subscribe
Total
106 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-36536 | 1 Zoom | 1 Rooms | 2024-02-04 | N/A | 7.8 HIGH |
| Untrusted search path in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access. | |||||
| CVE-2023-34119 | 1 Zoom | 1 Rooms | 2024-02-04 | N/A | 7.8 HIGH |
| Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access. | |||||
| CVE-2023-22881 | 1 Zoom | 1 Zoom | 2024-02-04 | N/A | 7.5 HIGH |
| Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of service. | |||||
| CVE-2023-22882 | 1 Zoom | 1 Zoom | 2024-02-04 | N/A | 7.5 HIGH |
| Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of service. | |||||
| CVE-2022-28768 | 1 Zoom | 1 Meetings | 2024-02-04 | N/A | 7.8 HIGH |
| The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to root. | |||||
| CVE-2023-22880 | 1 Zoom | 3 Rooms, Virtual Desktop Infrastructure, Zoom | 2024-02-04 | N/A | 7.5 HIGH |
| Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. A recent update to the Microsoft Edge WebView2 runtime used by the affected Zoom clients, transmitted text to Microsoft’s online Spellcheck service instead of the local Windows Spellcheck. Updating Zoom remediates this vulnerability by disabling the feature. Updating Microsoft Edge WebView2 Runtime to at least version 109.0.1481.0 and restarting Zoom remediates this vulnerability by updating Microsoft’s telemetry behavior. | |||||
| CVE-2022-36924 | 1 Zoom | 1 Rooms | 2024-02-04 | N/A | 7.8 HIGH |
| The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user. | |||||
| CVE-2022-28766 | 1 Zoom | 2 Meetings, Rooms | 2024-02-04 | N/A | 7.3 HIGH |
| Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client. | |||||
| CVE-2023-22883 | 1 Zoom | 1 Meetings | 2024-02-04 | N/A | 7.8 HIGH |
| Zoom Client for IT Admin Windows installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to the SYSTEM user. | |||||
| CVE-2022-28757 | 1 Zoom | 1 Meetings | 2024-02-04 | N/A | 7.8 HIGH |
| The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.6 contains a vulnerability in the auto update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root. | |||||
| CVE-2022-28752 | 1 Zoom | 1 Rooms | 2024-02-04 | N/A | 7.8 HIGH |
| Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privilege Escalation vulnerability. A local low-privileged malicious user could exploit this vulnerability to escalate their privileges to the SYSTEM user. | |||||
| CVE-2022-28760 | 1 Zoom | 1 Zoom On-premise Meeting Connector Mmr | 2024-02-04 | N/A | 6.5 MEDIUM |
| Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions. | |||||
| CVE-2022-28756 | 1 Zoom | 1 Meetings | 2024-02-04 | N/A | 7.8 HIGH |
| The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.5 contains a vulnerability in the auto update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root. | |||||
| CVE-2022-28754 | 1 Zoom | 1 Meeting Connector | 2024-02-04 | N/A | 5.4 MEDIUM |
| Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions. | |||||
| CVE-2022-28761 | 1 Zoom | 1 Zoom On-premise Meeting Connector Mmr | 2024-02-04 | N/A | 6.5 MEDIUM |
| Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 contains an improper access control vulnerability. As a result, a malicious actor in a meeting or webinar they are authorized to join could prevent participants from receiving audio and video causing meeting disruptions. | |||||
| CVE-2022-28755 | 1 Zoom | 2 Virtual Desktop Infrastructure, Zoom | 2024-02-04 | N/A | 6.1 MEDIUM |
| The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 are susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including the potential for remote code execution through launching executables from arbitrary paths. | |||||
| CVE-2022-28750 | 1 Zoom | 1 Meeting Connector | 2024-02-04 | N/A | 9.8 CRITICAL |
| Zoom On-Premise Meeting Connector Zone Controller (ZC) before version 4.8.20220419.112 fails to properly parse STUN error codes, which can result in memory corruption and could allow a malicious actor to crash the application. In versions older than 4.8.12.20211115, this vulnerability could also be leveraged to execute arbitrary code. | |||||
| CVE-2022-28753 | 1 Zoom | 1 Meeting Connector | 2024-02-04 | N/A | 5.4 MEDIUM |
| Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions. | |||||
| CVE-2022-28763 | 1 Zoom | 3 Meetings, Rooms For Conference Rooms, Virtual Desktop Infrastructure | 2024-02-04 | N/A | 9.6 CRITICAL |
| The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including session takeovers. | |||||
| CVE-2022-28751 | 1 Zoom | 1 Meetings | 2024-02-04 | N/A | 7.8 HIGH |
| The Zoom Client for Meetings for MacOS (Standard and for IT Admin) before version 5.11.3 contains a vulnerability in the package signature validation during the update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root. | |||||